Link to original post: http://www.rohitab.com/discuss/topic...ysical-memory/
Last edited by counterstrikewi; 3 Weeks Ago at 20:13. Reason: added video and attachment
http://home.no/zorgion/bsod.jpg
You can pull some hard shit with this, the author doesn't like that though, so I guess I won't, since I kinda respect the guy
Why would malware use this? If one needs to load a driver to access kernel memory, why not do the things you want done in the kernel in the driver code? Only use (for malware) would be to dump out memory and inject a payload (but then again, if you want a kernel payload, why not compile as a driver?)
I agree, if you're able to load a driver then why the hell would you need direct access to physical memory? You've got everything you need already.
I suppose if the guy is just using it as a tool to sniff about, fine... but I can't think of a valid malware use for this either.
Besides, Firewire devices have DMA, so you can plug something into the Firewire port and have it dump the entire contents of physical memory, or inject whatever you want that way.